Lucene search
K

823 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: Vulnerability in libexpat affects IBM Cloud Pak System[CVE-2024-45490]

Summary Vulnerability in libexpat affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide weaker than expected security, caused by the failure to reject a negative length for XMLParseBuffer. By providing a negative length value to the...

7.5CVSS6.5AI score0.01686EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.27 views

Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection (XXE) attack when processing XML data (CVE-2024-22354).

Summary A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection XXE attack when processing XML data. WebSphere Application Server is used as the application server layer for IBM Robotic Process Automation...

7CVSS6.7AI score0.00649EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/01/23 12:0 a.m.27 views

GLSA-202501-08 : Qt: Buffer Overflow

The remote host is affected by the vulnerability described in GLSA-202501-08 Qt: Buffer Overflow When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens i...

7.5CVSS7.4AI score0.01324EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/01/17 2:16 a.m.5 views

CVE-2024-51462 IBM QRadar WinCollect Agent data manipulation

IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data...

4CVSS4.3AI score0.00357EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/01/13 1:2 a.m.22 views

USN-7199-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...

9.8CVSS8AI score0.19069EPSS
Exploits6
CNVD
CNVD
added 2024/09/24 12:0 a.m.5 views

Apache HertzBeat Deserialization Vulnerability

Apache HertzBeat is a tool from the American company Apache Apache that can monitor various components. A deserialization vulnerability exists in Apache HertzBeat versions prior to 1.6.0, which stems from the insecure deserialization of serialized data received from users by the SnakeYAML library...

8.8CVSS7.5AI score0.04054EPSS
Exploits0References1
NVD
NVD
added 2024/06/23 11:15 p.m.16 views

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...

6.5CVSS0.00358EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/23 12:0 a.m.10 views

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...

7.1AI score0.00358EPSS
Exploits0References1
CVE
CVE
added 2024/06/23 12:0 a.m.45 views

CVE-2024-39334

CVE-2024-39334 affects MENDELSON AS4 prior to 2024 B376. The vulnerability is client-side: when a trading partner provides prepared XML data, opening the transaction details in the client can allow writing files to the client machine (server process is unaffected). The CVSS indicates network acce...

6.5CVSS6.9AI score0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/23 12:0 a.m.19 views

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...

0.00358EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.4 views

PT-2024-4214 · Aveva · Aveva Pi Asset Framework Client

Name of the Vulnerable Software and Affected Versions: AVEVA PI Asset Framework Client affected versions not specified Description: The issue allows malicious code to execute on the PI System Explorer environment under the privileges of an interactive user. This can happen when an attacker social...

7.8CVSS7.5AI score0.00188EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2024/06/05 12:0 a.m.15 views

openSUSE Security Advisory (SUSE-SU-2024:1882-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.01565EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.13 views

RHEL 6 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-45960 - expat:...

9.6AI score0.19069EPSS
Exploits7References19
NVD
NVD
added 2024/05/03 3:15 a.m.13 views

CVE-2023-44409

D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.0075EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 3:15 a.m.3 views

CVE-2023-44406

D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

8.8CVSS6.3AI score0.0075EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:15 a.m.24 views

CVE-2023-44404

D-Link DAP-1325 getvaluefromapp Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS9.1AI score0.0075EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:15 a.m.25 views

CVE-2023-44407

D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.0075EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.5 views

CVE-2023-44408

D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

8.8CVSS6.4AI score0.0075EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/05/03 3:15 a.m.16 views

CVE-2023-44405

D-Link DAP-1325 getvalueofkey Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS9.1AI score0.0075EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.4 views

CVE-2023-44404

D-Link DAP-1325 getvaluefromapp Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS6.4AI score0.0075EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder